Our mobile phone laboratory has introduced a number of innovative new ways of retrieving evidence from a wide range of mobile phones, that go beyond the reach of traditional forensic software. These include:
Windows Phone 8
Recently we introduced a new service allowing for a full physical image to be created for Windows Phone 8 devices such as the Nokia Lumia 520. Internal development has resulted in a number of scripts and programs being written purely to analyse these handsets.
This allows for Contacts, Calls, SMS Messages, Calendar entries, Social Media Applications, Browser History/Cache, Instant Messaging Clients, Satellite Navigation applications in addition to a large number of third party applications to all be extracted and provided.
Another service we offer is the ability to bypass and recover passcode/password locks from a much larger number of devices than traditionally used forensic tools. This includes a large number of Android handsets. Recent research involved PIN codes being bypassed on Samsung Galaxy S3 Mini handsets. By connecting directly to the phone’s board and performing a full physical image of the memory the PIN code can be bypassed allowing a full forensic analysis to be performed.
Recovery of Deleted Data
Due to the methods used by standard forensic tools such as UFED or XRY only deleted messages whilst the handset was in use will be recovered. By performing an advanced analysis of the full physical image in conjunction with specialist tools we have developed, data which was present prior to a device being factory reset can be recovered from a large number of devices including Android handsets such as the Samsung Galaxy S4, A very large number of old and new Nokia handsets, HTC, LG, Sony Ericsson, ZTE, HUAWEI, Palm, Clone Handsets, Orange and Vodafone amongst many others.
Advanced Data Recovery
A recent case for a police force required 10,000 Live and deleted Text Messages recovering from a Palm Pre mobile phone. Internal methods developed by IntaForensics allowed for a forensic image to be taken of the internal memory. This was then decoded and scripts written which recovered all live text messages and hundreds of deleted messages. Prior to this attempts were made using standard mobile phone forensic tools such as XRY, UFED Touch and Acceso however the handset was not supported for recovery of data other than Media.
These represent just a small proportion of the applications of our research efforts. Some will have direct bearing on UTL’s processes and may be of interest in improving your own control processes. Let me know if you would like to know more.